CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,246 vulnerabilities with CWE-79
CVE-2025-28879 MEDIUM
Bee Layer Slider <= 1.1 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2025-28878 MEDIUM
Awesome Surveys <= 2.0.10 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28875 MEDIUM
shanebp BP Email Assign Templates <= 1.6 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28871 MEDIUM
Block Spam By Math Reloaded <= 2.2.4 - Stored Cross-Site Scripting
CVSS 5.9
CVE-2025-28870 MEDIUM
amoCRM WebForm <= 1.1 - DOM-Based Cross-Site Scripting
CVSS 6.5
CVE-2025-2207 LOW
aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sys/dept Name Parameter
CVSS 2.4
CVE-2025-2206 LOW
aitangbao springboot-manager 3.0 - Cross-Site Scripting via /sys/permission Name Parameter
CVSS 2.4
CVE-2025-25929 MEDIUM
OpenMRS 2.4.3 - Reflected Cross-Site Scripting via QuickReportServlet reportType Parameter
CVSS 5.4
CVE-2025-25925 MEDIUM
OpenMRS v2.4.3 Build 0ff0ed - Stored Cross-Site Scripting via personName.middleName Parameter
CVSS 4.8
CVE-2025-25747 MEDIUM
HotelDruid 3.0.7 - Cross-Site Scripting via ripristina_backup Parameter
CVSS 5.4
CVE-2025-2196 LOW
MRCMS 3.1.2 - Cross-Site Scripting via File Upload Path Parameter
CVSS 3.5
CVE-2025-2195 LOW
MRCMS 3.1.2 - Cross-Site Scripting in File Rename Function
CVSS 3.5
CVE-2025-2194 LOW
MRCMS 3.1.2 - Cross-Site Scripting in File Controller Path Parameter
CVSS 3.5
CVE-2025-2191 LOW
Claro A7600-A1 RNR4-A72T-2x16_v2110403_CLA_32_160817 - XSS
CVSS 2.4
CVE-2025-1434 MEDIUM
Topkapi Vision Webserv2 1.0.0-6.2.5474 - Unauthenticated Stored Cross-Site Scripting in Spreadsheet View
CVSS 6.1
CVE-2025-0629 MEDIUM
Coronavirus (COVID-19) Notice Message WP <1.1.2 - XSS
CVSS 4.8
CVE-2025-27434 HIGH
SAP Commerce (Swagger UI) COM_CLOUD 2211 - Unauthenticated Cross-Site Scripting
CVSS 8.8
CVE-2025-27431 MEDIUM
SAP NetWeaver Application Server Java - XSS
CVSS 5.4
CVE-2025-26659 MEDIUM
SAP NetWeaver Application Server ABAP - XSS
CVSS 6.1
CVE-2025-25245 MEDIUM
SAP BusinessObjects Web Intelligence - XSS
CVSS 5.4
CVE-2025-25242 MEDIUM
SAP NetWeaver Application Server ABAP - XSS
CVSS 6.1
CVE-2025-0062 MEDIUM
SAP BusinessObjects Business Intelligence Platform - Stored Cross-Site Scripting in Web Intelligence Reports
CVSS 4.7
CVE-2025-27924 MEDIUM
Nintex Automation 5.6-5.7 - Stored Cross-Site Scripting via Navigate to a URL Action
CVSS 5.4
CVE-2025-25908 MEDIUM
tianti 2.3 - Stored Cross-Site Scripting via CoverImageURL Parameter
CVSS 5.4
CVE-2025-0660 MEDIUM
Concrete CMS 9.0.0-9.3.9 - Stored Cross-Site Scripting in Folder Name Input
CVSS 4.8
Details
Vulnerabilities 45,246
Exploit Likelihood High